netfilter: conntrack: dccp: try not to drop skb in conntrack

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

It would be better not to drop skb in conntrack unless we have good
alternatives. So we can treat the result of testing skb's header
pointer as nf_conntrack_tcp_packet() does.

Signed-off-by: Jason Xing <kernelxing@tencent.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Jason Xing and committed by

Pablo Neira Ayuso 2 years ago 40616789 4a3540a8

+2 -2

1 changed file

expand all

net

netfilter

nf_conntrack_proto_dccp.c

+2 -2

net/netfilter/nf_conntrack_proto_dccp.c

··· 525 525 526 526 dh = skb_header_pointer(skb, dataoff, sizeof(*dh), &_dh.dh); 527 527 if (!dh) 528 - return NF_DROP; 528 + return -NF_ACCEPT; 529 529 530 530 if (dccp_error(dh, skb, dataoff, state)) 531 531 return -NF_ACCEPT; ··· 533 533 /* pull again, including possible 48 bit sequences and subtype header */ 534 534 dh = dccp_header_pointer(skb, dataoff, dh, &_dh); 535 535 if (!dh) 536 - return NF_DROP; 536 + return -NF_ACCEPT; 537 537 538 538 type = dh->dccph_type; 539 539 if (!nf_ct_is_confirmed(ct) && !dccp_new(ct, skb, dh, state))